MI HB5330

Public entities and their contractors would be prohibited from procuring, operating, or deploying small unmanned aircraft systems (drones under 55 pounds) unless they meet specific cybersecurity and data protection requirements, effective one year after enactment

All data collected by drones—including video, photos, telemetry, and personally identifiable information—must be stored only within the United States and managed in compliance with federal/state privacy laws and CISA/FBI guidelines

Drones must use AES-256 encryption, operate on secured networks, require multifactor authentication, incorporate tamper-proof hardware, and automatically delete data within 45 days unless retained for law enforcement purposes

Public entities must conduct annual security audits and obtain certifications demonstrating compliance with NIST Cybersecurity Framework 2.0, ISO 27001, and SOC 2 standards

The Michigan Department of State Police is tasked with establishing regulations for implementation, including security assessments, privacy protection measures, operator training requirements, and enforcement mechanisms